The great pity about the legal battle between the Daily Mail and ‘Psychic’ Sally Morgan was that somebody had to win. The Mail’s humiliating failure to outsmart a Come Dine With Me contestant who talks to dead people is delicious, but it's spoiled somewhat by a psychic’s ‘vindication’ in the courts, like biting into a Wagon Wheel and finding Bovril inside. What’s even more galling is that she deserved to win.

Before we go any further, one thing needs to be made crystal clear. Ben Goldacre claimed on Twitter yesterday that, “The libel lawyers of the UK have decided in their wisdom that psychic powers are real after all.” Ben, I love you, but this is complete nonsense. The case was not about whether Sally Morgan is a psychic. Morgan sued for defamation because she felt the Mail’s article amounted to an accusation of fraud; that it suggested she deliberately misled the public by pretending to be a psychic. In particular, they accused her of using “a hidden earpiece in order to receive instructions from her team which she then repeated on stage as if she had received them from the spirit world.”

It sounds very plausible. Psychics and televangelists have used this technique in the past – Peter Popoff was famously exposed by James Randi, who used a radio scanner to intercept and expose radio communications between the performer and a backstage accomplice – his wife. She collected information from prayer cards filled out by audience members before the show, and then broadcast details to Popoff’s earpiece. To those in the theatre it seemed as if God Herself were channeling information to the performer (God’s contempt for personal privacy apparently exceeded the NSA’s by several orders of magnitude.). In reality, it was his wife: “Hello Petey, can you hear me? If you can’t you’re in trouble . . .”

Exposing Popoff’s fraud was a great feat of investigative journalism and rational inquiry. In the case of Sally Morgan however, nobody – not journalists, bloggers or skeptics - bothered to step up to the plate. In a supreme fit of irony, rationalists accused her of fraud without bothering to collect the evidence they needed to substantiate the claim. She sued, she won, and she deserved to win.

The response has not been very constructive, as Hayley Stevens noted in a blog post last night: “I saw many other angry tweets about how Sally Morgan was an obvious fraud and that it was ridiculous the courts has sided with her. It made me chuckle because most of the people making these statements were self-proclaimed skeptics and rational thinkers who ought to know the importance of evidence and how evidence actually works.”

This is just the most recent example of a much wider problem I have with people abusing terms like ‘fraud’, ‘scam’, or ‘liar’ when talking about quacks or charlatans. I’m not going to link to specific examples of this sort of defamation for obvious reasons, but you can easily see what I mean if you google, say, ‘homeopathy’ and ‘fraud’ – rationalists and skeptics merrily throwing around accusations of deliberate deception that they have absolutely no evidence for and no ability to stand up. The only way a skeptic could possibly ‘know’ without evidence that Sally Morgan intended to deceive people would be if they could somehow see into her mind and read her thoughts, like some kind of psyc . . . oh.

For many, it’s enough that someone is ‘wrong’. Meeting the ‘enemy’ or conducting the careful detective work that exposed Popoff, is unnecessary when you can just slag people off in a blog post about some stuff you found on Google, calling them a ‘fraud’ or a ‘murderer’ in the process. The problem with this sort of attitude – which I’ve been guilty of plenty of times myself - is that it’s unconvincing, strewn with errors, and it fails to understand the people involved.

For example, a lot of people seem unable to accept that psychics using tricks like cold reading – or even an earpiece - may still genuinely believe they have a supernatural skill. To them I would strongly recommend Derren Brown’s fascinating uncut interview with Richard Dawkins which tackles exactly that question. Belief is far less binary than a lot of people . . . well, believe; and people are rarely simple.

I learned this lesson myself when I met Jeremy Sherr - a homeopath who claims to treat HIV patients – in Tanzania. A number of people, myself included, had portrayed him as a sort of cartoon villain, laying waste to vast swathes of Africa. The reality on the ground was rather more complicated. Sherr is charismatic; a passionate true believer who makes real sacrifices to help African communities. He also does a hell of a lot of good beyond homeopathy – supporting victims of domestic violence, working to reduce Aids stigma, ensuring local children are fed and educated, and much more besides.

Of course I also believe that he’s profoundly and dangerously wrong, and that his activities may be putting lives at risk. Just how dangerous I can’t say, because like everyone else in the UK I simply don’t know. One of the big problems with homeopathy – and a lot of other interventions, bogus or otherwise – in Africa is that we just don’t have the data we need on what goes on there. There are no statistics, no monitoring agencies, and often no information at all beyond that supplied by aid workers themselves. It is impossible to quantify either the good or the harm that somebody like Jeremy Sherr does, and that in itself is a massive problem.

It’s tempting to say that he simply must be harming people, but that’s the opposite of rationalism. I’m not playing with scales of morality here, weighing up the good and the bad. Neither am I suggesting inaction. The bad is bad whatever the good, and it needs to be stopped if possible. (On that note, if you’re a skeptic and you want to help tackle homeopathy in Africa my advice would be to work with groups like INASP or SciDev. My point is that rationalists need to admit when we don’t know things. That, after all, is supposed to be the fundamental basis for rational inquiry.

We also need to be willing to trust people with the full story. Jeremy Sherr is a man with admirable qualities, who does a lot of good work. Some people will be unhappy with me making that statement, but it’s true, and failing to acknowledge this can be catastrophic. I interviewed a science teacher and NGO founder in Tanzania who was had read a number of skeptical blogs and been persuaded by them . . . that Sherr was probably right. Our descriptions of Sherr and his operation - some bloggers went so far as to imply he was a ‘murderer’ - were so comically cartoonish that they were easily dismissed. It was, if I’m honest, a humiliating lesson, one that made me question a lot of my previous writing.

We shouldn’t be afraid to tell people the full story, or admit the things we don’t know. If the facts are damning, we shouldn’t need to be spin them, leave bits out or exaggerate them. You don’t need to ignore the complex realities of Jeremy Sherr’s activities or imply that he’s a pantomime villain to highlight the very serious problems with his arrogant and dangerous behavior. You don’t need to call Psychic Sally a fraud to point out that it’s fundamentally sickening to see people pay money to a woman who claims to be able to speak to the dead.

When we go down that road, we make mistakes, we get sued, and it’s right that we get sued, because we’ve engaged in exactly the sort of sloppy, lazy, error-prone journalism we’d normally criticise. The irony hasn’t escaped me that I’m criticising an article in the Daily Mail, and I’m probably going to take a lot of flak for it.

Marcus Hutchins: What we know so far about the arrest of the hero hacker

In May, Marcus Hutchins - who goes by the online name Malware Tech - became a national hero after "accidentally" discovering a way to stop the WannaCry virus that had paralysed parts of the NHS.

Now, the 23-year-old darling of cyber security is facing charges of cyber crime following a bizarre turn of events that have left many baffled. So what do we know about his indictment?

Arrest

Hutchins, from Ilfracombe in Devon, was reportedly arrested by the FBI in Las Vegas on Wednesday before travelling back from cyber security conferences Black Hat and Def Con.

He is now due to appear in court in Las Vegas later today after being accused of involvement with a piece of malware used to access people's bank accounts.

"Marcus Hutchins... a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan," said the US Department of Justice.

"The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015."

His court appearance comes after he was arraigned in Las Vegas yesterday. He made no statement beyond a series of one-word answers to basic questions from the judge, the Guardian reports. A public defender said Hutchins had no criminal history and had previously cooperated with federal authorities.

The malware

Kronos, a so-called Trojan, is a kind of malware that disguises itself as legitimate software while harvesting unsuspecting victims' online banking login details and other financial data.

It emerged in July 2014 on a Russian underground forum, where it was advertised for $7,000 (£5,330), a relatively high figure at the time, according to the BBC.

Shortly after it made the news, a video demonstrating the malware was posted to YouTube allegedly by Hutchins' co-defendant, who has not been named. Hutchins later tweeted: "Anyone got a kronos sample."

His mum, Janet Hutchins, told the Press Association it is "hugely unlikely" he was involved because he spent "enormous amounts of time" fighting attacks.

Research?

Meanwhile Ryan Kalember, a security researcher from Proofpoint, told the Guardian that the actions of researchers investigating malware may sometimes look criminal.

“This could very easily be the FBI mistaking legitimate research activity with being in control of Kronos infrastructure," said Kalember. "Lots of researchers like to log in to crimeware tools and interfaces and play around.”

The indictment alleges that Hutchins created and sold Kronos on internet forums including the AlphaBay dark web market, which was shut down last month.

"Sometimes you have to at least pretend to be selling something interesting to get people to trust you,” added Kalember. “It’s not an uncommon thing for researchers to do and I don’t know if the FBI could tell the difference.”

It's a sentiment echoed by US cyber-attorney Tor Ekeland, who told Radio 4's Today Programme: "I can think of a number of examples of legitimate software that would potentially be a felony under this theory of prosecution."

Hutchins could face 40 years in jail if found guilty, Ekelend said, but he added that no victims had been named.

This article also appears on NS Tech, a new division of the New Statesman focusing on the intersection of technology and politics.